MidnightBSD

Advisories for fastrack

CVE-2021-35951

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.

Products Affected

Vendor Product Version
fastrack reflex_2.0_firmware 90.89
CVE-2021-35952

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017.

Products Affected

Vendor Product Version
fastrack reflex_2.0_firmware 90.89
CVE-2021-35953

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value.

Products Affected

Vendor Product Version
fastrack reflex_2.0_firmware 90.89
CVE-2021-35954

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.

Products Affected

Vendor Product Version
fastrack reflex_2.0_firmware 90.89